Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux Workstation
Subscriptions
Total
1850 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-0764 | 1 Redhat | 6 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 3 more | 2025-04-20 | 6.2 Medium |
| Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes. | ||||
| CVE-2016-7426 | 4 Canonical, Hpe, Ntp and 1 more | 10 Ubuntu Linux, Hpux-ntp, Ntp and 7 more | 2025-04-20 | 7.5 High |
| NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. | ||||
| CVE-2015-7529 | 3 Canonical, Redhat, Sos Project | 9 Ubuntu Linux, Enterprise Linux, Enterprise Linux Desktop and 6 more | 2025-04-20 | 7.8 High |
| sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date. | ||||
| CVE-2016-4446 | 2 Redhat, Setroubleshoot Project | 6 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 3 more | 2025-04-20 | N/A |
| The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function. | ||||
| CVE-2016-9560 | 3 Debian, Jasper Project, Redhat | 9 Debian Linux, Jasper, Enterprise Linux and 6 more | 2025-04-20 | 7.8 High |
| Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image. | ||||
| CVE-2017-1000410 | 3 Debian, Linux, Redhat | 13 Debian Linux, Linux Kernel, Enterprise Linux and 10 more | 2025-04-20 | N/A |
| The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations. These are the specifics of this vulnerability: In the function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared without initialization: struct l2cap_conf_efs efs; In addition, when parsing input configuration parameters in both of these functions, the switch case for handling EFS elements may skip the memcpy call that will write to the efs variable: ... case L2CAP_CONF_EFS: if (olen == sizeof(efs)) memcpy(&efs, (void *)val, olen); ... The olen in the above if is attacker controlled, and regardless of that if, in both of these functions the efs variable would eventually be added to the outgoing configuration request that is being built: l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) &efs); So by sending a configuration request, or response, that contains an L2CAP_CONF_EFS element, but with an element length that is not sizeof(efs) - the memcpy to the uninitialized efs variable can be avoided, and the uninitialized variable would be returned to the attacker (16 bytes). | ||||
| CVE-2018-1000156 | 4 Canonical, Debian, Gnu and 1 more | 14 Ubuntu Linux, Debian Linux, Patch and 11 more | 2025-04-14 | N/A |
| GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time. | ||||
| CVE-2014-7145 | 3 Canonical, Linux, Redhat | 7 Ubuntu Linux, Linux Kernel, Enterprise Linux and 4 more | 2025-04-12 | N/A |
| The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact by deleting the IPC$ share during resolution of DFS referrals. | ||||
| CVE-2015-8317 | 5 Canonical, Debian, Hp and 2 more | 11 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 8 more | 2025-04-12 | N/A |
| The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read. | ||||
| CVE-2014-7840 | 2 Qemu, Redhat | 8 Qemu, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2025-04-12 | N/A |
| The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data. | ||||
| CVE-2014-4652 | 4 Canonical, Linux, Redhat and 1 more | 8 Ubuntu Linux, Linux Kernel, Enterprise Linux and 5 more | 2025-04-12 | N/A |
| Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. | ||||
| CVE-2014-8567 | 2 Redhat, Uninett | 8 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2025-04-12 | N/A |
| The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data. | ||||
| CVE-2016-7864 | 6 Adobe, Apple, Google and 3 more | 15 Flash Player, Flash Player For Linux, Mac Os X and 12 more | 2025-04-12 | N/A |
| Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2016-7863 | 6 Adobe, Apple, Google and 3 more | 14 Flash Player, Flash Player For Linux, Mac Os X and 11 more | 2025-04-12 | N/A |
| Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2014-9529 | 6 Canonical, Debian, Fedoraproject and 3 more | 14 Ubuntu Linux, Debian Linux, Fedora and 11 more | 2025-04-12 | N/A |
| Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key. | ||||
| CVE-2016-0597 | 6 Canonical, Debian, Mariadb and 3 more | 17 Ubuntu Linux, Debian Linux, Mariadb and 14 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. | ||||
| CVE-2015-8241 | 5 Canonical, Debian, Hp and 2 more | 11 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 8 more | 2025-04-12 | N/A |
| The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. | ||||
| CVE-2016-3717 | 3 Canonical, Imagemagick, Redhat | 11 Ubuntu Linux, Imagemagick, Enterprise Linux and 8 more | 2025-04-12 | N/A |
| The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. | ||||
| CVE-2014-9585 | 7 Canonical, Debian, Fedoraproject and 4 more | 22 Ubuntu Linux, Debian Linux, Fedora and 19 more | 2025-04-12 | N/A |
| The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD. | ||||
| CVE-2015-3411 | 2 Php, Redhat | 9 Php, Enterprise Linux, Enterprise Linux Desktop and 6 more | 2025-04-12 | N/A |
| PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files. | ||||